I am pretty new to the framework, but from what I have done/seen so far I have to say it looks FanTastic!! I managed to build a lovely little basic web app and it took me hardly any time atall.!
Anyway, I have just started a reasonably large project and I have (what is probably quite a fundamental) question about User's and UserIdentity. In the site there are going to be two rather different types of User, with 2 separate User tables.
How would I be suggested to Model this. I was thinking of simply having a setState("userType") in the UserIdentity but I'm not sure if this will cause things to be untidy later on. I expect there is a better way. Perhaps I should have different UserIdentity objects for the two user types?
First, you definitely need two AR classes to represent the user tables.
Second, you can use the same UserIdentity or different identity classes, depending on how you would perform the authentication.
Yes, you would need some flag to tell which type the current user is. Saving this flag in setState('userType') should be fine. You would be able to access this flag via Yii::app()->user->userType, then.
qiang… how about RBAC for that approach ? I'm currently working on project which involves also two different types of users in two separate db tables.
If I for example do:
// for user ID=1 in table usersA
// for user ID=1 in table users B
how auth manager could possibly distinguish what user (meaning ‘1’) am I talking about?
both users from both tables would have enabled both tasks.
In this case I would suggest you do not use user ID alone to perform RBAC. Instead, you may use a string like "userID@tableName" to identify a user in RBAC. The userid in RBAC does not need to be an integer.
you didn't tell that $auth->assign() must be loaded every time, not just once like the rbac settings!
that sh*t's cool… i just need to add in every user identity $auth->assign('someUser', $this->username)
and everything works well.
Ok thanks people.
I wonder though if I can get away with having the 2 user types without RBAC.
When defining the access control filter for example, I could maybe set the ‘expression’ to be some expression which returns true if the user is of the correct type ?
So something like,
I am assuming that expression will be eval'd… Forgive me if I have misunderstood something here.
Yes, this expression is fine, but you may want to check isGuest field first.